The present invention relates to virtual worlds, and in particular to methods and systems for authenticating that an avatar in a virtual world is a computer-driven avatar.
In the context of virtual worlds, both people and software agents may be represented as avatars. Avatars may include any type of recognizable, identifying information, but in typical applications, avatars usually comprise an image. Furthermore, this image may be as simple as a two-dimensional icon, and as complex as a detailed three-dimensional image, for example a detailed rendering of a human or humanoid. On particularly notable and exemplary conventional virtual world is Second Life, where avatars comprising a three-dimensional computer-generated image of a human represent human-controlled and software-controlled entities alike.
One recognized problem prevalent in typical virtual worlds such as Second Life is the existence and activity of entities determined to disrupt the virtual world operation and/or the activities of other users populating the virtual world. These entities are conventionally known as “griefers,” and the consequences of griefers' activities are conventionally known as “griefing.” Griefing is a significant problem to virtual world management, and is a primary contributor to customer dissatisfaction. Indeed, as much as 25% of customer support communications deal specifically with griefing.
Activity similar to griefing is not limited to virtual worlds. Indeed, many online resources have experienced adverse consequences resulting from the operation of human and/or software entities designed to compromise resource integrity and (typically) access protected information, such as financial information. Typical examples of such conventional software entities are web-crawlers, phishing programs, worms, Trojan-horses, and etc.
Often, a typical virtual world griefer is a software entity created by a human user populating the virtual world. Those familiar with typical virtual worlds recognize these software entities as “bots.” In an attempt to control and reduce griefing, typical approaches have relied on authentication technologies capable of distinguishing human-controlled entities from software-controlled entities. In particular, typical authentication systems and methods focus on verifying that an avatar in a virtual world is controlled by a human by utilizing a challenge-response test.
The exemplary conventional authentication system is CAPTCHA, sometimes described as a “reverse-Turing test.” CAPTCHA (and other typical authentication systems) typically presents an entity seeking access to an online resource with a challenge that may not be solved by a machine. For example, a common variety of CAPTCHA authentication includes presenting an entity seeking access with a distorted image comprising letters and/or numbers. The entity is required to reproduce the distorted letters and/or numbers from the image into a text field. Other common varieties of CAPTCHA authentication include presenting an entity seeking access with an auditory stimulus, such as a recording of a human voice speaking a short phrase. The entity is required to reproduce the text of the short phrase into a text field. The essential element of all conventional authentication systems is presenting a challenge, such as those described above, that a machine is incapable of satisfying, or at least a challenge that a machine performs with significantly less accuracy than a human.
CAPTCHA technology, as well as other conventional authentication systems, are highly effective in the intended context of determining whether an entity seeking access to a resource is controlled by a human. However, these conventional approaches are not capable of verifying the reverse proposition: namely that a particular entity seeking access to a resource is controlled by a machine. This leaves open many opportunities for a human-controlled entity to gain unauthorized access to resources, especially to resources intended to be accessed only by machine-controlled entities.
Since the advent of conventional authentication techniques such as CAPTCHA, machine-controlled entities have experienced significantly less success in gaining unauthorized access to resources protected by authentication. Accordingly, entities seeking unauthorized access may be increasingly represented not by machine-control, but rather by human control. Thus, there is a need in the art to provide a system, method, and computer program product capable of authenticating that an entity seeking access to a resource is a machine-controlled entity in order to provide resource security against unauthorized access by human-controlled entities.